Network Security - Computer Science - University of Denver

8 downloads 84 Views 1MB Size Report
Keywords: Network Security, ARP Spoofing, Man-In-The-Middle Attack, Jam Resistance, Tor,. Traffic Analysis, Key Distribution, DDoS, Quantum Cryptography .
Network Security Ramakrishna Thurimella Colorado Research Institute for Security and Privacy University of Denver, Denver, CO 80208. USA Leemon C. Baird III Department of Computer Science United States Air Force Academy, CO 80840. USA Abstract Three pillars of security—confidentiality, integrity, and availability—are examined in the context of networks. Each is explained with known practical attacks and possible defenses against them, demonstrating that strong mathematical techniques are necessary but not sufficient to build practical systems that are secure. We illustrate how adversaries commonly side-step cryptographic protections. In addition, we contend that effective key management techniques, along with privacy concerns must be taken into account during the design of any secure online system. We conclude with a discussion of open problems for which fundamentally new methods are needed. Keywords: Network Security, ARP Spoofing, Man-In-The-Middle Attack, Jam Resistance, Tor, Traffic Analysis, Key Distribution, DDoS, Quantum Cryptography

INTRODUCTION Confidentiality, integrity and availability, often abbreviated CIA, are key security requirements in any risk analysis. In short, confidentiality is the privacy of an object, integrity is the trustworthiness and dependability (accuracy and consistency of information), and availability refers to the fact that a resource can reliably be used when desired. Stamp (2006) contains more detailed definitions of these concepts. The most common use of cryptography online is to provide confidential and authenticated communication between two parties, either in the context of web transactions or for remote access. In order to accomplish this, one needs an effective key management scheme. As a way of demonstrating that many security concepts are intertwined, we present keyless jam resistance, a method that can broadcast messages using radio frequency communication without any prior secret shared between the sender and receiver. Possibly the most difficult to achieve form of confidentiality is privacy of the identity of an individual performing some action, more commonly referred to as anonymity. While a common security goal is non-repudiation—the assurance that an individual can not retract his responsibility for an action—it's dual, the ability to disclaim responsibility for an action can be equally desirable. Modern mechanisms for generating anonymity combine the use of large groups of operators with a public-key infrastructure and data encryption to decouple an individual’s action from their identity.

1

The remainder of this chapter is organized as follows. The following section presents the necessary background material for this chapter. Next we discuss confidentiality and integrity. After that, a key aspect of privacy, online anonymity, is discussed. Availability is described throughout the chapter and discussed briefly in a separate section. Key Management section presents a comprehensive list of methods to distribute secret keys. Wireless Availability section shows how to eliminate the need for keys by presenting a novel algorithm to do jam resistance communication. We conclude with a discussion of open problems in the last section.

BACKGROUND In this section, we begin with the basics of cryptography, pointing out the difference between symmetric and asymmetric encryption, followed by a description of the Diffie-Hellman key exchange protocol. Next, we present an abstract description of the man-in-the-middle attack. After that, we give some networking details that are necessary to understand a concrete man-inthe-middle attack on modern local-area networks.

Cryptography We first begin with a general discussion on cryptography. Figure 1 shows the process of encryption followed by a description. First, the plaintext is transformed into cipher text by applying a key Ke. Applying another key Kd, possibly different from Ke, retrieves the original.

Ke

Kd

Cipher Text

Plain Text Encrypt

Original Text Decrypt

Figure 1 Process of encryption and decryption. In symbols, this process is shown as P = D(Kd,E(Ke,P)). The encryption and decryption methods, when combined, are known as a cipher. When the decryption key is the same as the encryption key, or efficiently derivable from it, the process is known as symmetric encryption; otherwise, it is called asymmetric encryption. Two popular symmetric encryption methods are Advanced Encryption Standard (AES) (Daemen & Rijmen, 2002) and Triple Data Encryption Standard (3DES) (“Data Encryption Standard,” (2009)). The main difficulty with symmetric encryption is key distribution—getting the communicating parties to agree upon a common key. This problem is discussed at length later in the Chapter. In public key cryptography, each communicating entity maintains one private key and one public key, Kpriv and Kpub respectively. Extending the previous notation, asymmetric encryption can be shown as P = D(Kpriv,E(Kpub,P)).

2

As the names imply, the public key is made available freely to anyone who wishes to use it, but the private key is kept secret. So, if Alice wishes to communicate with Bob, she encrypts the message with Bob’s public key (which is openly available) and sends the encrypted message to Bob. Anyone eavesdropping on this communication cannot decrypt the message unless they have Bob’s secret key. Since anyone who wants to communicate with Bob can easily get access to his public key, public key cryptography does not suffer from the key distribution problem. However, public key cryptography does have a different drawback. It entails performing modular arithmetic over large integers (few hundred digits long) which is computationally expensive. In practice, a hybrid method is used: public key cryptography is used initially to exchange a random symmetric key, and this random key is used for the remainder of the session. Two popular public key methods are RSA (Rivest et al., 1978) and ElGamal (1985). Public key cryptography has another very desirable property. The public and private keys can be applied in the reverse order: P = D(Kpub,E(Kpriv,P)). If Bob sends Alice E(Kpriv,P), then Alice can be assured that the message P came from Bob as only Bob has access to Kpriv. In this case, P is said to be digitally signed by Bob.

Diffie-Hellman Key Exchange Protocol The Diffie-Hellman (DH) protocol allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communication channel (Diffie & Hellman, 1976). This protocol is also known as Diffie-Hellman-Merkle (“Diffie-Hellman,” 2009). In short, DH is based on the fact that

(g a mod p)b mod p = (g b mod p)a mod p where all computations are performed over a group of integers modulo p for some large prime p. Its cryptographic strength comes from the fact that it is easy to compute powers modulo a prime but hard to reverse the process when large integers are involved. This intractable problem is known as the discrete log problem. For example, if p were a prime of at least 300 digits, and a and b were at least 100 digits long, then even the best algorithms known today could not find a given only g, p, and ga mod p, even using all of mankind's computing power (“Diffie-Hellman,” 2009). In practice is g usually either 2 or 5. Alice and Bob can agree on a shared secret by perform the following steps (all arithmetic is modulo p): 1. 2. 3. 4. 5.

Alice and Bob agree on a large prime p and a generator g. Alice picks a random number a, 0